Mobile Malware, Hacktivism Top List of Major Security Concerns

The latest quarterly malware report highlighted smartphone security and hacktism as some of the major trends in the ever-evolving security landscape.

On the heels of recent reports noting the increase in
attacks against mobile devices, Panda Security's latest quarterly malware
report found smartphone malware dominated the security landscape during the
first quarter of 2011.
There was virus activity in the first quarter of 2011 than there was in the last quarter of 2010, Panda
Security's anti-malware laboratory, reported April 5. The report, which
analyzed IT security events from Jan. 1 to March 31, highlighted several major
security incidents, including the malicious apps that were found on the Android
Market and the successful attack against HBGary Federal by the Anonymous
hacktivist group.

A number of security advisories and proof-of-concepts
reporting mobile vulnerabilities emphasized the need to focus on mobile
security. Cyber-criminals have renewed focus on proven strategies such as
infecting smartphones with malware that generates premium-rate text messages.
Users are unaware of these messages being sent until they receive their monthly
bills. For example, a Russian gang distributed an app that let users send
romantic images for Valentine's Day. When a user tried to send a picture
message, a SMS was sent instead to a premium rate number.

Malware developers are taking advantage of the fact that the
Android platform allows users to install applications from anywhere, even though
it is recommended that users stick with the official app store. Even if they
can, users should refrain from downloading apps, wallpapers and games from
unofficial and questionable sources.
The report highlighted the malicious applications that were discovered
on Google's Android Market in the beginning of March as "the largest single
attack against Android cell phones." The malicious applications on Android
Market were downloaded over 50,000 times over just four days. The apps
installed a Trojan which stole personal data and downloaded and installed other
apps. Even though the users were hit despite using the official store, it was
quickly remediated as Google removed the malicious apps and several days later
remotely uninstalled them from user devices.
A mobile of Zeus Trojan also made the rounds this quarter,
which was designed to bypass the double authentication system implemented by
many banks and financial institutions. Users were prompted by the Trojan to
enter a phone number to which the "security certificate" should be sent to.
When users downloaded the certificate, it had the capability to intercept all
SMS messages sent to the phone, such as password codes and security hints used
to secure bank accounts.
The increase in smartphone malware could be driven by the
fact that smartphones exceeded PC sales in fourth quarter of 2010, the
researchers speculated.
The surge in malware activity in the first three months of
2011 was driven mainly by new threats in circulation, PandaLabs researchers
found. Cyber-attackers created 26 percent more new threats in this quarter than
they did during the first quarter of 2010, and 16 percent more than the fourth
quarter of 2010. The laboratory received an average of 73,190 new samples of
malware everyday, of which 70 percent were Trojans.
Another major trend, cyber-activism, was driven by the
political events that rocked parts of the Middle East and North Africa in
January and February. Governments, including Egypt and Libya, imposed curfews
and shutdowns to restrict people's access to the Internet. Several people have
also been arrested in Europe for taking part in distributed-denial-of-service
attacks as part of the Anonymous hacktivist group in support of the
whistle-blowing site Anonymous.
The group was behind attacks on non-Wikileaks targets, such
as Egypt and other North African countries.
Scammers took advantage of the unrest to send out spam that
was tailored to feed into people's interest in getting news from that part of
the world.